Information Security Reviews

We have conducted information security reviews in many organisations to help them understand the effectiveness of their security controls. We can conduct reviews against a range of industry standards, including ISO 27002, PCI DSS and the Australian Government’s ISM.

ISO 27002

The ISO 27002 (ISO/IEC 27002:2013) International Standard describes a list of best-practice information security controls (such as antivirus, firewalls, passwords and backups) that are applicable to most organisations. It is commonly used as a review checklist to determine whether any information security controls have been overlooked in an organisation.

Some organisations are starting to request ISO 27002 compliance reports from their business partners. The reports help them determine whether appropriate information security controls have been implemented by their business partners, and whether they should be allowed access to information and IT systems. Questions related to the ISO 27002 controls are also beginning to appear more frequently in tender requests.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is developed by a consortium of payment card companies including Visa, MasterCard and American Express. It sets information security requirements that must be adopted by organisations storing, processing or transmitting payment card numbers.

ISM

The Australian Government’s Information Security Manual (ISM) details security controls that government agencies can use to protect their information and systems. It is developed by the Australian Signals Directorate, an intelligence agency in the Australian Government Department of Defence.

Compliance with the controls in the ISM is often mandated for companies providing services to government agencies.